From 20c5ae7d64eb14163bb4e6d913ca20e149fcbc75 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Fri, 14 Jun 2013 11:34:01 -0700
Subject: [PATCH] fix(cros-bootkernel/x86_64_defconfig_boot) disable SELINUX

The boot kernel only needs the default Linux security model, so disable
SELinux and the other kernel security models.
---
 .../eclass/cros-kernel/x86_64_defconfig_boot  | 27 +++----------------
 1 file changed, 3 insertions(+), 24 deletions(-)

diff --git a/sdk_container/src/third_party/coreos-overlay/eclass/cros-kernel/x86_64_defconfig_boot b/sdk_container/src/third_party/coreos-overlay/eclass/cros-kernel/x86_64_defconfig_boot
index 7e8197547e..cb57fa04e8 100644
--- a/sdk_container/src/third_party/coreos-overlay/eclass/cros-kernel/x86_64_defconfig_boot
+++ b/sdk_container/src/third_party/coreos-overlay/eclass/cros-kernel/x86_64_defconfig_boot
@@ -676,7 +676,6 @@ CONFIG_IPV6_SUBTREES=y
 CONFIG_IPV6_MROUTE=y
 CONFIG_IPV6_MROUTE_MULTIPLE_TABLES=y
 CONFIG_IPV6_PIMSM_V2=y
-CONFIG_NETLABEL=y
 CONFIG_NETWORK_SECMARK=y
 CONFIG_NETWORK_PHY_TIMESTAMPING=y
 # CONFIG_NETFILTER is not set
@@ -1968,7 +1967,6 @@ CONFIG_FSNOTIFY=y
 CONFIG_DNOTIFY=y
 CONFIG_INOTIFY_USER=y
 CONFIG_FANOTIFY=y
-CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y
 CONFIG_QUOTA=y
 CONFIG_QUOTA_NETLINK_INTERFACE=y
 # CONFIG_PRINT_QUOTA_WARNING is not set
@@ -2310,29 +2308,10 @@ CONFIG_KEYS=y
 # CONFIG_ENCRYPTED_KEYS is not set
 CONFIG_KEYS_DEBUG_PROC_KEYS=y
 # CONFIG_SECURITY_DMESG_RESTRICT is not set
-CONFIG_SECURITY=y
+# CONFIG_SECURITY is not set
 CONFIG_SECURITYFS=y
-CONFIG_SECURITY_NETWORK=y
-CONFIG_SECURITY_NETWORK_XFRM=y
-# CONFIG_SECURITY_PATH is not set
-CONFIG_LSM_MMAP_MIN_ADDR=65536
-CONFIG_SECURITY_SELINUX=y
-CONFIG_SECURITY_SELINUX_BOOTPARAM=y
-CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1
-CONFIG_SECURITY_SELINUX_DISABLE=y
-CONFIG_SECURITY_SELINUX_DEVELOP=y
-CONFIG_SECURITY_SELINUX_AVC_STATS=y
-CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1
-# CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX is not set
-# CONFIG_SECURITY_SMACK is not set
-# CONFIG_SECURITY_TOMOYO is not set
-# CONFIG_SECURITY_APPARMOR is not set
-# CONFIG_SECURITY_YAMA is not set
-# CONFIG_IMA is not set
-# CONFIG_EVM is not set
-CONFIG_DEFAULT_SECURITY_SELINUX=y
-# CONFIG_DEFAULT_SECURITY_DAC is not set
-CONFIG_DEFAULT_SECURITY="selinux"
+CONFIG_DEFAULT_SECURITY_DAC=y
+CONFIG_DEFAULT_SECURITY=""
 CONFIG_XOR_BLOCKS=m
 CONFIG_CRYPTO=y